This topic summarizes some of the support boundaries for
Forefront Unified Access Gateway (UAG), where support generally
describes whether Microsoft Customer Support Services (CSS) or
Microsoft Services can help when you attempt to deploy or configure
Forefront UAG in a given scenario.

Forefront UAG and Forefront UAG DirectAccess

You can use Forefront UAG as a publishing server,
creating trunks to publish corporate applications for access by
remote client endpoints either directly, or via a Web portal. In
addition, you can deploy Forefront UAG as a DirectAccess server, to
extend the benefits of Windows DirectAccess across your
infrastructure, providing transparent access for DirectAccess
clients. Note the following:

A single server can be configured as both a Forefront UAG
publishing server and a Forefront UAG DirectAccess server.

An array can consist of Forefront UAG servers that act as both
remote access publishing servers and Forefront UAG DirectAccess
servers.

You cannot publish the Network Connector application when
Forefront UAG is configured as a DirectAccess server.

IPv6 support

In order to support DirectAccess, which is IPv6-based,
Forefront UAG allows the following IPv6 traffic:

Inbound authenticated IPv6 traffic (using IPsec). This also
includes the IPsec initiation traffic.

Forefront TMG running on Forefront UAG

By default, Forefront Threat Management Gateway (TMG)
is installed during Forefront Unified Access Gateway (UAG) Setup.
Forefront TMG is installed as a complete product, and is not
modified to run on a Forefront UAG server.

Although you can configure Forefront TMG running on
Forefront UAG using the Forefront TMG Management console, Forefront
TMG is intended for use by the Forefront UAG infrastructure only.
Specifically, the following is not supported:

Forefront TMG is installed automatically
during Forefront UAG Setup, and removed automatically if Forefront
UAG is uninstalled. Installing and uninstalling only Forefront TMG
is not supported.

Supported Forefront TMG configurations

You can use Forefront TMG running on the Forefront UAG
server, as follows:

Creating access rules using the Forefront TMG
Management console, for the purpose of limiting users, groups, and
networks for granular access when deploying Forefront UAG for VPN
remote network access.

Monitoring with the Forefront TMG Management
console.

Limiting users, groups, sources and
destinations on Forefront TMG system policy rules, with the purpose
of enabling access to corporate servers and remote management to
and from the Forefront UAG local host server.

You can publish the following applications
via Forefront TMG:

Exchange SMTP/SMTPS

Exchange POP3/POP3S

Exchange IMAP/IMAPS

Office Communications Server (OCS)—Only
Communicator Web Access should be published using Forefront UAG.
Other OCS features should be published using the Forefront TMG
console running on the Forefront UAG server.